Dolibarr ERP & CRM » Bugs » bug #1437 Security Issue
Status Details |
Submitted by: | HENRY Florian (fhenry) | | Submitted on: | 04/06/2014 12:15 |
Last Modified On: | 09/06/2014 12:34 | |
Summary: | Security Issue |
Description: | Deepak Rathore address@hidden sent a security report on Dolibarr to the foundation by mail |
Steps to reproduce bug: | Check attachment |
Detected in version: | 3.5.2 | | Category: | Security |
Severity: | 8 | | OS Type/Version: | |
PHP version: | | | Database type and version: | |
Status |
Status: | Open | | Assigned to: | HENRY Florian (fhenry) |
Resolution: | None | |
Comments
- Cedric GROSS 09/06/2014 16:47
- http://www.php.net/manual/fr/function.filter-input.php and so on could be a solution.
- HENRY Florian 09/06/2014 12:34
- Some of them can be fixed, because GETPOST even with the 'alpha' test does not
warn if the input is
"2%2F0%2F1234%3cscript%3ealert%2893275%29%3c%2fscript%3e"
for example.
I don't have a magical solution for this kind of security issue |
|
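The kind of check the two comments above discuss, as an added example that is not part of the original thread or of Dolibarr's code: the sample value from the comment is validated against an allowlist pattern with `filter_var` (the same filters `filter_input` applies to request variables) and HTML-encoded at output. It assumes the field is meant to hold a d/m/yyyy-shaped value; the helper names `validate_slash_date` and `html_out` are hypothetical.

```php
<?php
// Sample value copied from the comment above, in its URL-encoded form.
$sample = '2%2F0%2F1234%3cscript%3ealert%2893275%29%3c%2fscript%3e';
// Constructed well-formed value for comparison.
$wellFormed = '2%2F0%2F1234';

/**
 * Hypothetical helper: accept only a d/m/yyyy-shaped value (assumed field type).
 * Returns the validated string, or null when the input does not match.
 */
function validate_slash_date(string $encoded): ?string
{
    // PHP decodes request parameters before the application sees them;
    // rawurldecode() stands in for that step on the constructed strings here.
    $decoded = rawurldecode($encoded);

    // Allowlist: anchor both ends so nothing can trail the expected digits.
    $result = filter_var($decoded, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/\A\d{1,2}\/\d{1,2}\/\d{4}\z/'],
    ]);

    return $result === false ? null : $result;
}

/**
 * Hypothetical helper: encode a value for an HTML context.
 * Applied at output time whether or not the value passed validation.
 */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ([$sample, $wellFormed] as $input) {
    $valid = validate_slash_date($input);
    if ($valid === null) {
        // Log or display the rejected value only in encoded form.
        echo 'rejected: ', html_out(rawurldecode($input)), PHP_EOL;
    } else {
        echo 'accepted: ', html_out($valid), PHP_EOL;
    }
}
```

Validation by expected shape handles fields with a known format; free-text fields still depend on the output encoding step.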